Bugtraq mailing list archives
Re: Responses to syslogd killing
From: zack () RABI PHYS COLUMBIA EDU (Zack Weinberg)
Date: Tue, 21 Oct 1997 17:25:44 -0400
On Tue, 21 Oct 1997 14:45:01 -0400, lb wrote:
> Also, a lot of people are under the impression that this has nothing to do with DNS. I tried it many times to make sure, because it seemed exploitable to me.. I would watch the syslog message come in, watch the DNS query go out, and then watch syslogd die. If I inserted a DNS entry for the IP in question, syslogd would query and work fine.. if I removed the DNS entry again, syslogd would crash. Perhaps you're right.. but I'll stick to my assumption. hoho.
I have encountered this bug too. It can crop up in benign situations such as when you have an HP network printer with no name configured to do network logging. In this case it suffices to add an entry to /etc/hosts to prevent the bug -- probably the code neglects to check the return value of gethostbyaddr().

zw
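The failure mode suggested in the reply above, as an added C example (not Solaris syslogd source and not part of the original post): a reverse lookup whose NULL result is checked before use, falling back to the numeric address. The function `sender_name`, the two stub resolvers and the address 192.0.2.10 are hypothetical and constructed here so the example runs offline.

```c
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netdb.h>

/* Same shape as gethostbyaddr(3), so a stub can stand in for the real resolver. */
typedef struct hostent *(*resolver_fn)(const void *, socklen_t, int);

/* Constructed stub: a resolver with no PTR record and no /etc/hosts entry. */
static struct hostent *no_ptr_record(const void *a, socklen_t l, int t) {
    (void)a; (void)l; (void)t;
    return NULL;
}

/* Constructed stub: a resolver that finds a name, as after adding a hosts entry. */
static struct hostent *hosts_entry(const void *a, socklen_t l, int t) {
    static char name[] = "printer1";
    static struct hostent he;
    (void)a; (void)l; (void)t;
    he.h_name = name;
    return &he;
}

/* Writes the sender's name, or its dotted-quad address; returns 1 if a name was found. */
static int sender_name(resolver_fn resolve, struct in_addr from, char *out, size_t outlen) {
    struct hostent *hp = resolve(&from, sizeof from, AF_INET);
    if (hp == NULL || hp->h_name == NULL) {
        /* An unchecked version would dereference hp->h_name here and crash. */
        if (inet_ntop(AF_INET, &from, out, (socklen_t)outlen) == NULL)
            snprintf(out, outlen, "unknown");
        return 0;
    }
    snprintf(out, outlen, "%s", hp->h_name);
    return 1;
}

int main(void) {
    char buf[64];
    struct in_addr from;
    inet_pton(AF_INET, "192.0.2.10", &from);   /* constructed sender address */
    sender_name(no_ptr_record, from, buf, sizeof buf);
    printf("no name entry: logged as %s\n", buf);
    sender_name(hosts_entry, from, buf, sizeof buf);
    printf("hosts entry:   logged as %s\n", buf);
    return 0;
}
```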